9 Replies Latest reply: Jun 20, 2013 4:28 AM by Ralph_CC

    tnsnames & a VPN

    Ralph_CC

      I have to connect a client to a remote host over a VPN.  But the local address of the VPN is not the local IP address.

      So what do I put in the tnsnames.ora CONNECT_DATA section?

      Or do I create a cman.ora rule?

      Thanks,

      Ralph.

        • 1. Re: tnsnames & a VPN
          sb92075

          Ralph_CC wrote:

           

          I have to connect a client to a remote host over a VPN.  But the local address of the VPN is not the local IP address.

          So what do I put in the tnsnames.ora CONNECT_DATA section?

          Or do I create a cman.ora rule?

          Thanks,

          Ralph.

           

          If you log onto the DB Server via a VPN, then SQL*Net is NOT required to connect to the local DB.

           

           

           

          How do I ask a question on the forums?

          https://forums.oracle.com/forums/thread.jspa?threadID=2174552#9360002

          • 2. Re: tnsnames & a VPN
            EdStevens

            Ralph_CC wrote:

             

            I have to connect a client to a remote host over a VPN.  But the local address of the VPN is not the local IP address.

            So what do I put in the tnsnames.ora CONNECT_DATA section?

            Or do I create a cman.ora rule?

            Thanks,

            Ralph.

            I don't know what you mean by the statement "the local address of the VPN is not the local IP address"

             

            The vpn is happening a few layers away from sqlnet, and sqlnet shouldn't have any knowledge or consideration.

             

            Exactly what problem are you having?  As in ... error messages .....

            • 3. Re: tnsnames & a VPN
              Ralph_CC

              The error is that connection over the link to the remote DB times out because it cannot connect to the VPN.

              The VPN starts at a router which has its own IP address separate from the machine with the DB.

              The aim is to run PL/SQL to fetch data over a link on the VPN.  I need to set something extra for the link.

              Does that help?  It has worked but we had to change some of the addresses.

              • 4. Re: tnsnames & a VPN
                Ralph_CC

                PL/SQL on client connects to host over shared link on VPN.

                • 5. Re: tnsnames & a VPN
                  EdStevens

                  Ralph_CC wrote:

                   

                  The error is that connection over the link to the remote DB times out because it cannot connect to the VPN.

                  The VPN starts at a router which has its own IP address separate from the machine with the DB.

                  The aim is to run PL/SQL to fetch data over a link on the VPN.  I need to set something extra for the link.

                  Does that help?  It has worked but we had to change some of the addresses.

                  VPN or not, a connection to a remote machine is going to go through a router, and that router, just like every device on the network, will have its own IP address. 

                  What addresses were changed? 

                  I'm really surprised that a db_link ... communication where one database acts as a client to another, would go through a vpn, but nevertheless I think the vpn is a red herring, unless it is actually blocking the traffic between the client and the database.  If so, that is something you'd have to take up with your Net administrator.  There is certainly nothing in tns that would know or care about it.  As SB is fond of saying, oracle is the victim, not the culprit.

                  • 6. Re: tnsnames & a VPN
                    sb92075

                    Ralph_CC wrote:

                     

                    The error is that connection over the link to the remote DB times out because it cannot connect to the VPN.

                    The VPN starts at a router which has its own IP address separate from the machine with the DB.

                    The aim is to run PL/SQL to fetch data over a link on the VPN.  I need to set something extra for the link.

                    Does that help?  It has worked but we had to change some of the addresses.

                     

                    Let us review.

                    It used to work.

                    You changed something external to the DB.

                    Now it does not work.

                    Root cause & fix are external to Oracle & you waste your time & our time by posting here.

                    You have a basic NETWORKING problem that has nothing to do with Oracle DB.

                    • 7. Re: tnsnames & a VPN
                      Ralph_CC

                      Thanks, I think it hits the rules on the VPN.  I thought maybe I can set Oracle to route itself through.

                      If it cannot be done then will have to change the IP addresses.

                      So from Db 1.1.1.1 to router 1.1.2.1 to remote host 2.2.2.2 then the db would know to find its way when only the last subnet mask is free.

                      Thanks for your help.

                      • 8. Re: tnsnames & a VPN
                        EdStevens

                        Ralph_CC wrote:

                        Thanks, I think it hits the rules on the VPN.  I thought maybe I can set Oracle to route itself through.

                        Of what good would a VPN be (or any firewall technology) if a client could route themselves through it?

                         

                        If it cannot be done then will have to change the IP addresses.

                        So from Db 1.1.1.1 to router 1.1.2.1 to remote host 2.2.2.2 then the db would know to find its way when only the last subnet mask is free.

                         

                        Neither the DB nor TNS knows a thing about routing.  When a client (whether that client is sqlplus on your laptop or a database using a db_link) requests a connection to a database, TNS resolves that request to an IP address (that of the server hosting the requested database), a port (the port used by the listener on that host) and a service name (the service name with which the target db is registered with the listener).  TNS then packages that request and passes it on to the standard OSI network stack and says "here, deliver this".  TNS (and certainly the client process itself) knows nothing about how that request gets routed, through what routers, over what network links, through what tunnels ...  It's no different than you handing a letter to the postman.  You have no idea (nor do you care) how many postal distribution centers it goes through, if it is carried by trucks and/or airplanes, etc etc etc.

                         

                         

                        Thanks for your help.
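The resolution described in reply 8 (alias to host, port and service name, then hand-off to the network stack), as an added example that is not part of the original thread: it parses a constructed tnsnames.ora entry and probes the resolved endpoint with a plain TCP connect, which separates a routing or firewall fault from a TNS one. The alias `REMOTEDB`, the service name `remotedb.example` and port 1521 are assumptions; 2.2.2.2 is the remote host address quoted in the thread.

```python
import re
import socket

# Constructed sample entry; alias, service name and port are placeholders.
SAMPLE_TNSNAMES = """
REMOTEDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 2.2.2.2)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = remotedb.example))
  )
"""

def resolve_alias(text, alias):
    """Return (host, port, service_name): everything TNS resolves for an alias."""
    m = re.search(r"^\s*%s\s*=\s*\(" % re.escape(alias), text, re.I | re.M)
    if not m:
        raise KeyError(alias)
    start, depth = m.end() - 1, 0
    # Walk to the parenthesis that closes this alias's descriptor.
    for i in range(start, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            break
    else:
        raise ValueError("unbalanced parentheses in descriptor")
    desc = text[start:i + 1]

    def field(name):
        f = re.search(r"\(\s*%s\s*=\s*([^()\s]+)\s*\)" % name, desc, re.I)
        return f.group(1) if f else None

    # Assumption: fall back to 1521 when the entry gives no PORT.
    return field("HOST"), int(field("PORT") or 1521), field("SERVICE_NAME")

def tcp_reachable(host, port, timeout=3.0):
    """Plain TCP connect: no Oracle code involved, only the OS network stack."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"   # packets dropped en route: routing, VPN or firewall rule
    except ConnectionRefusedError:
        return "refused"   # host reached, but nothing listening on that port
    except OSError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    host, port, service = resolve_alias(SAMPLE_TNSNAMES, "REMOTEDB")
    print(host, port, service, tcp_reachable(host, port))
```

A `timeout` result from the database host points at the path between the two machines, while `refused` or `open` means the packets arrived and the next place to look is the listener.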

                        • 9. Re: tnsnames & a VPN
                          Ralph_CC

                          What I was SPECIFICALLY and SOLELY asking about was for information about whether something is possible using cman.ora (or maybe tnsnames).

                          This is mentioned in online documentation but there are no details so I wanted to ask someone who knew about this if our new security idea could be matched by rules.


                          I have been separately trying to reverse the network change.  I thought mentioning that could detract from finding what I hoped for.

                          Ralph.